Support schema validation (Azure#277)

cds-snc · May 9, 2022 · ce6c27f · ce6c27f
1 parent 1d8dbd7
commit ce6c27f
Show file tree

Hide file tree

Showing 6 changed files with 42 additions and 3 deletions.
diff --git a/scripts/deployments/Functions/EnvironmentContext.ps1 b/scripts/deployments/Functions/EnvironmentContext.ps1
@@ -38,16 +38,18 @@ function New-EnvironmentContext {
     WorkingDirectory = $WorkingDirectory
 
     RolesDirectory = "$WorkingDirectory/roles"
-   
+
     PolicyCustomDefinitionDirectory = "$PolicyDirectory/custom/definitions/policy"
     PolicySetCustomDefinitionDirectory = "$PolicyDirectory/custom/definitions/policyset"
     PolicySetCustomAssignmentsDirectory = "$PolicyDirectory/custom/assignments"
     PolicySetBuiltInAssignmentsDirectory = "$PolicyDirectory/builtin/assignments"
-
+
+    SchemaDirectory = "$WorkingDirectory/schemas/latest"
+
     LoggingDirectory = "$WorkingDirectory/config/logging/$Environment"
     NetworkingDirectory = "$WorkingDirectory/config/networking/$Environment"
     SubscriptionsDirectory = "$WorkingDirectory/config/subscriptions/$Environment"
-  
+
     Variables = $Variables
     ManagementGroupHierarchy = $ManagementGroupHierarchy
 

diff --git a/scripts/deployments/Functions/HubNetworkWithAzureFirewall.ps1 b/scripts/deployments/Functions/HubNetworkWithAzureFirewall.ps1
@@ -33,6 +33,9 @@ function Get-AzureFirewallPolicy {
 
 function Set-AzureFirewallPolicy {
   param (
+    [Parameter(Mandatory = $true)]
+    $Context,
+
     [Parameter(Mandatory = $true)]
     [String]$Region,
 
@@ -45,6 +48,11 @@ function Set-AzureFirewallPolicy {
 
   Set-AzContext -Subscription $SubscriptionId
 
+  $SchemaFilePath = "$($Context.SchemaDirectory)/landingzones/lz-platform-connectivity-hub-azfw-policy.json"
+
+  Write-Output "Validation JSON parameter configuration using $SchemaFilePath"
+  Get-Content -Raw $ConfigurationFilePath | Test-Json -SchemaFile $SchemaFilePath
+
   Write-Output "Deploying to $SubscriptionId in $Region using $ConfigurationFilePath"
 
   New-AzSubscriptionDeployment `
@@ -80,6 +88,11 @@ function Set-HubNetwork-With-AzureFirewall {
 
   Set-AzContext -Subscription $SubscriptionId
 
+  $SchemaFilePath = "$($Context.SchemaDirectory)/landingzones/lz-platform-connectivity-hub-azfw.json"
+
+  Write-Output "Validation JSON parameter configuration using $SchemaFilePath"
+  Get-Content -Raw $ConfigurationFilePath | Test-Json -SchemaFile $SchemaFilePath
+
   # Load networking configuration
   $Configuration = Get-Content $ConfigurationFilePath | ConvertFrom-Json -Depth 100
 

diff --git a/scripts/deployments/Functions/HubNetworkWithNVA.ps1 b/scripts/deployments/Functions/HubNetworkWithNVA.ps1
@@ -37,6 +37,11 @@ function Set-HubNetwork-With-NVA {
 
   Set-AzContext -Subscription $SubscriptionId
 
+  $SchemaFilePath = "$($Context.SchemaDirectory)/landingzones/lz-platform-connectivity-hub-nva.json"
+
+  Write-Output "Validation JSON parameter configuration using $SchemaFilePath"
+  Get-Content -Raw $ConfigurationFilePath | Test-Json -SchemaFile $SchemaFilePath
+
   # Load networking configuration
   $Configuration = Get-Content $ConfigurationFilePath | ConvertFrom-Json -Depth 100
 

diff --git a/scripts/deployments/Functions/Logging.ps1 b/scripts/deployments/Functions/Logging.ps1
@@ -37,6 +37,9 @@ function Get-LoggingConfiguration {
 
 function Set-Logging {
   param (
+    [Parameter(Mandatory = $true)]
+    $Context,
+
     [Parameter(Mandatory = $true)]
     [String]$Region,
 
@@ -52,6 +55,11 @@ function Set-Logging {
 
   Set-AzContext -Subscription $SubscriptionId
 
+  $SchemaFilePath = "$($Context.SchemaDirectory)/landingzones/lz-platform-logging.json"
+
+  Write-Output "Validation JSON parameter configuration using $SchemaFilePath"
+  Get-Content -Raw $ConfigurationFilePath | Test-Json -SchemaFile $SchemaFilePath
+
   Write-Output "Moving Subscription ($SubscriptionId) to Management Group ($ManagementGroupId)"
   New-AzManagementGroupDeployment `
     -ManagementGroupId $ManagementGroupId `

diff --git a/scripts/deployments/Functions/Subscriptions.ps1 b/scripts/deployments/Functions/Subscriptions.ps1
@@ -56,6 +56,13 @@ function Set-Subscriptions {
     Write-Output "  - Archetype: $ArchetypeName"
     Write-Output "  - Region: $DeploymentRegion"
 
+    Set-AzContext -Subscription $SubscriptionId
+
+    $SchemaFilePath = "$($Context.SchemaDirectory)/landingzones/lz-$ArchetypeName.json"
+
+    Write-Output "Validation JSON parameter configuration using $SchemaFilePath"
+    Get-Content -Raw $FilePath | Test-Json -SchemaFile $SchemaFilePath
+
     $Configuration = Get-Content $FilePath | ConvertFrom-Json -Depth 100
 
     #region Check if Log Analytics Workspace Id is provided.  Otherwise set it.

diff --git a/scripts/deployments/RunWorkflows.ps1 b/scripts/deployments/RunWorkflows.ps1
@@ -118,6 +118,8 @@ Param(
 
 #Requires -Modules Az, powershell-yaml
 
+$ErrorActionPreference = "Stop"
+
 # In order to use this End to End script, you must configure ARM template configurations for Logging, Networking and Subscriptions.
 # Please follow the instructions on https://github.com/Azure/CanadaPubSecALZ/blob/main/docs/onboarding/azure-devops-pipelines.md
 # to setup the configuration files.  Once the configuration files are setup, you can choose to run this script or use Azure DevOps.
@@ -188,6 +190,7 @@ if ($DeployRoles) {
 if ($DeployLogging) {
   Write-Host "Deploying Logging..."
   Set-Logging `
+    -Context $Context `
     -Region $Context.Variables['var-logging-region'] `
     -ManagementGroupId $Context.Variables['var-logging-managementGroupId'] `
     -SubscriptionId $Context.Variables['var-logging-subscriptionId'] `
@@ -266,6 +269,7 @@ if ($DeployHubNetworkWithAzureFirewall) {
 
   # Create Azure Firewall Policy
   Set-AzureFirewallPolicy `
+    -Context $Context `
     -Region $Context.Variables['var-hubnetwork-region'] `
     -SubscriptionId $Context.Variables['var-hubnetwork-subscriptionId'] `
     -ConfigurationFilePath "$($Context.NetworkingDirectory)/$($Context.Variables['var-hubnetwork-azfwPolicy-configurationFileName'])"